7 Best Practices to Keep your On-Premises Phone System Secure from Hackers

Keep Your Phone System Secure from Hackers

VoIP PBX systems offer a number of business benefits, including cost reduction, system flexibility, and advanced features that can support your business as it grows. But they aren’t without risk. Attacks can come from the internet or from telephone lines, and attackers try to exploit different vulnerabilities. Eventually, this exposure can lead to toll fraud, theft of confidential information, and loss of revenue. Although no precaution is 100% failsafe, you can follow a few basic tips to help minimize the risk.

So how can you minimize the risks and protect your business-crucial VoIP PBX system from potential net threats and internal malfeasance? Here are some basic practices that you can perform.

1. Use Strong Passwords

A weak password leaves a security gap that hackers can easily exploit. To that end, strong passwords should be used for every password required in your PBX. In general, a typical system will have passwords for extension registrations, the administration web interface, user web interfaces, and voicemails. It’s recommended that strong passwords of at least 8 characters be used. They should include a mix of upper and lower case along with digits. They should be changed periodically, every 2-3 months at most.

2. Keep Your PBX Updated

Regularly reviewing and updating your PBX firmware/software is a standard security practice that keeps your phone system safe. Typically, the most recent version is the most secure, because bugs and other potential vulnerabilities have been found and fixed. Sometimes, critical security features or layers of protection are only supported by the latest version, because technology evolves over time. Keeping an active annual Technical Support and Maintenance Subscription with Phonewire is the best way to ensure access to the latest software updates from the manufacturer.

3. Separate Voice and Data Traffic

Separating voice and data traffic is commonly recognized as an effective method to counter VoIP security risks. Some VoIP ISPs provide dedicated SIP trunks that support NGN (Next Generation Network) ports. These can separate data, voice, and video networks, or any combination of the three, to form a converged network. If you lack access to this, setting up VLANs (Virtual Local Area Networks) on your network can be an alternative. This ensures the PBX and phones are separated from the computers and other network devices. The voice traffic and data traffic can be logically separated by a VLAN switch. If one VLAN is penetrated, the other will remain secured. Also, limiting the rate of traffic to IP telephony VLANs can slow down an outside attack.

4. Avoid Port Forwarding

In an attempt to offer remote access for mobile workers, some on-premises IP-PBX vendors recommend doing port forwarding. But this is not a good idea at all. It risks potential attacks by opening a hole in your firewall. Instead, deploying a VPN device at both ends can be a smart choice. The connected devices from both ends can form an encrypted secure “tunnel” over the public internet. This keeps all of your traffic safe.  With Phonewire, there is an optional annual Cloud Management solution. It allows Smartphone App users to seamlessly connect to our cloud servers instead of directly to your server and firewall. Your on-premises server maintains only one link directly to our cloud server through a secure VPN tunnel. You don’t need to open any firewall ports or complicated inbound rules. This eliminates any risk to your local network.

5. Secure the Trunks on PBX

One of the most common purposes of PBX hacking is to hijack the POTS lines or SIP trunks for expensive international calls. To prevent this, apply basic precautionary practices: restrict the use of outbound calls from each vulnerable end-point, and disallow anonymous incoming calls. These can be performed in the following 3 ways.

  • Set up outbound route permission: Your employees perform different tasks in your company. Not all of them need to make long-distance or international calls. Consider setting different outbound routes for different trunks: local, long-distance, and international. Assign outbound route permission only to the users that require the use of it. Limited access brings a more secure system.
  • Disallow anonymous incoming calls: Unknown calls may be charged to the bill of your trunks. Attackers can dial into a PBX system using anonymous numbers. They use PBX functionality to generate an outbound call and incur call charges. To prevent such attacks, choose to disallow anonymous incoming calls. Do this through advanced SIP setting options of your PBX.
  • Configure outbound restriction: If your PBX allows you to limit how many times a user can make outbound calls during a certain time period, configure the settings. This helps minimize losses caused by toll fraud, if there is any.
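The three trunk controls above can be modeled as one decision function run over call records. This is an added example, not code from the original page or from any PBX vendor; the extensions, permissions, hourly limit, North American dial-plan prefixes, and call records are all constructed assumptions.

```python
from collections import Counter

# Assumed policy: route classes each extension may use (constructed values).
ROUTE_PERMISSIONS = {
    "101": {"local"},
    "102": {"local", "long_distance"},
    "200": {"local", "long_distance", "international"},
}
MAX_OUTBOUND_PER_HOUR = 3  # assumed outbound restriction per extension

# Constructed call records: (timestamp, direction, caller, dialed number).
SAMPLE_CALLS = [
    ("2024-05-04 02:01:10", "out", "101", "011442079460000"),
    ("2024-05-04 02:03:00", "in", "anonymous", "200"),
    ("2024-05-04 09:00:00", "out", "102", "5550101"),
    ("2024-05-04 09:05:00", "out", "102", "5550102"),
    ("2024-05-04 09:10:00", "out", "102", "13125550100"),
    ("2024-05-04 09:20:00", "out", "102", "5550103"),
    ("2024-05-04 10:15:00", "out", "200", "01133140000000"),
]

def classify_route(dialed):
    """Assumed dial plan: 011 = international, 1 + 10 digits = long distance."""
    if dialed.startswith("011"):
        return "international"
    if dialed.startswith("1") and len(dialed) == 11:
        return "long_distance"
    return "local"

def evaluate_calls(calls):
    """Return (timestamp, caller, decision, reason) for each call record."""
    per_hour = Counter()
    decisions = []
    for ts, direction, caller, dialed in calls:
        if direction == "in":
            anonymous = caller.lower() in ("", "anonymous")
            decisions.append((ts, caller, "reject" if anonymous else "allow",
                              "anonymous inbound" if anonymous else "inbound"))
            continue
        route = classify_route(dialed)
        if route not in ROUTE_PERMISSIONS.get(caller, set()):
            decisions.append((ts, caller, "reject", f"no {route} permission"))
            continue
        per_hour[(caller, ts[:13])] += 1  # bucket by "YYYY-MM-DD HH"
        over = per_hour[(caller, ts[:13])] > MAX_OUTBOUND_PER_HOUR
        decisions.append((ts, caller, "reject" if over else "allow",
                          "hourly outbound limit" if over else route))
    return decisions
```

Running `evaluate_calls(SAMPLE_CALLS)` rejects the 2 a.m. international attempt from an extension with local-only permission, the anonymous inbound call, and the fourth outbound call from extension 102 within the same hour.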

6. Block Unauthorized Access with Firewall

Firewall rules are pre-configured rules that control and filter the traffic sent to the PBX. Create firewall rules on your PBX to filter by specific source IP address/domain, port, and MAC address, and to block dangerous access. Also, block suspicious access that might contribute to fraud or lost calls. For example, manually add a rule to block untrusted web access from specific IP addresses (IP blocklisting). You can also define a few Accept Rules, or Allowlists, and drop packets and connections from all other hosts. This ensures that only the hosts you trust can access the system.

To prevent massive connection attempts or brute force attacks, utilize the incorporated anti-hacking auto-detection mechanisms of your PBX system. This helps identify attackers based on the packets sent within a specific time interval and automatically blocks them.
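The auto-detection described above amounts to counting packets per source within a time interval and blocking sources that exceed a threshold. The sketch below is an added example, not the mechanism of any particular PBX; the threshold, interval, allowlisted range, and event data are constructed, and exempting allowlisted sources from auto-blocking is a design assumption.

```python
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network

ALLOWLIST = [ip_network("192.0.2.0/24")]  # constructed trusted range
MAX_PACKETS = 5       # assumed threshold per source
WINDOW_SECONDS = 10   # assumed detection interval

# Constructed events: (seconds since start, source IP), documentation ranges only.
SAMPLE_EVENTS = (
    [(t, "203.0.113.7") for t in range(8)]      # burst from an unknown host
    + [(t, "192.0.2.10") for t in range(8)]     # same burst from a trusted host
    + [(0, "198.51.100.4"), (30, "198.51.100.4")]  # slow, normal source
)

def is_allowlisted(src):
    """True when the source address falls inside an allowlisted network."""
    addr = ip_address(src)
    return any(addr in net for net in ALLOWLIST)

def detect_and_block(events):
    """Return {source_ip: time_blocked} for sources exceeding the rate."""
    recent = defaultdict(deque)  # per-source timestamps inside the window
    blocked = {}
    for ts, src in sorted(events):
        if src in blocked or is_allowlisted(src):
            continue
        window = recent[src]
        window.append(ts)
        # Discard timestamps that have aged out of the sliding window.
        while ts - window[0] >= WINDOW_SECONDS:
            window.popleft()
        if len(window) > MAX_PACKETS:
            blocked[src] = ts
    return blocked
```

With the constructed events, only `203.0.113.7` is blocked, at the moment its sixth packet arrives inside the 10-second window.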

7. Make a Contingency Plan

Though anti-hacking measures can be taken to best protect your phone system, there is no absolute safety. If an attacker successfully infiltrates your PBX or forces it to fail, you should have a contingency plan. Here are 3 tips you can follow.

  • First, if your PBX has an Event Notification feature, make sure to set it up properly. This ensures you are informed of important changes on your PBX system (e.g., the change of administrator password). Timely updates are crucial.
  • Second, schedule auto backup on your PBX. If your PBX cannot work, you can reset it and restore configurations from the backup file to ensure fast recovery.
  • Third, consider implementing a redundancy solution. This helps maintain your business’s phone system when unexpected server failures occur.

Matt Rygelski
Matt Rygelski is a business owner, technology writer, national television guest, mentor, public speaker, and telecommunications consultant.
